Hiroshima Red Cross Hospital & Atomic-Bomb Survivors Hospital

Secures medical and patient data

Challenges

Hiroshima Red Cross Hospital and Atomic-bomb Survivors Hospital aims to be an institution cherished and trusted by people everywhere while brandishing the ideals at the heart of Red Cross - humanity and charity. The Hospital has been designated as a secondary emergency and surgical medical institution and cancer treatment cooperative community health care hospital, and provides medical services in a total of 25 clinical departments to respond to the wide range of needs of the local residents.

It has actively adopted measures which promote better care through the use of IT, including the introduction of electronic medical records in 2004. The Hospital’s current systems operate on two networks - a medical system which mainly handles electronic medical records and image data, and an information system used for the collection of doctor and administrative data, and external coordination. “We operate the medical system network in a closed environment as it handles information regarding illnesses and medication which is highly confidential. It is physically separated from the information network as well as the internet and is also linked with Active Directory (hereafter, AD) to manage access privileges. This provides a mechanism to manage data safely,” says the Hospital’s Takahiro Hosoi.

However, the Hospital still faced challenges regarding safe management of its information system network.

Traditionally, the operational files of each department and materials created by doctors were saved on file servers and NAS constructed separately by different departments. “Consequently, data was scattered in all manner of places within the hospital and we were unable to immediately retrieve the data that we needed. In addition to the inconvenience this caused to daily operations, even the Medical Data Management Department which unifies the hospital’s systems was unable to see what kind of data existed and where it was, which meant we were unable to implement appropriate data leakage countermeasures,” says the hospital’s Tatsunori Shimakawa.

The situation also created a security risk when transferring data. “In cases where it was necessary to use data from one department on a PC from another department, we mainly used USB memory devices to transfer the data. This led to the risk of virus infection through the devices, as well as the risk of data leakage if the devices Hiroshima Red Cross Hospital & Atomic-bomb Survivors Hospital themselves were lost or stolen,” explains Shimakawa. The Hospital soon implemented countermeasures against the risk of virus infection and guaranteed security by distributing USB memory devices with virus-checking functions. However, the lack of protection against physical loss and theft was still an issue. “In addition, employees were exchanging data via email attachments, and this carried risks associated with the attachments passing through an external server,” adds Hosoi.

The Hospital investigated methods to collect and centrally manage the data dispersed throughout various departments and solve this core problem.

Solution

During its investigations, the Hospital discovered Trend Micro’s Trend Micro SafeSync™ for Enterprise (hereafter, SafeSync), an on-premises file sharing solution which exchanges data safely. The product allows safe and secure management of data by having an on-location file server, and also provides usability similar to the online storage of the general public cloud.

“Compliance guidelines of the Ministry of Health, Labor and Welfare prohibit medical institutions from using online storage which utilizes overseas servers. We are able to use SafeSync without issue because it is an on-premises solution. This allows us to collect the information system data, which had previously been dispersed throughout the hospital, in one place. As a result, we believe that we are able to visualize the data of the entire hospital,” says Shimakawa.

Most importantly for the Hospital, SafeSync has functions for coordination with AD. As an initial attempt to perform integrated data management, the Hospital had actually used a Windows Server-based file server to gather the hospital’s internal data. However, directly before the Hospital started using this approach, it became clear that it would be necessary to configure access privileges for each user from scratch. Separately configuring each of the more than 400 PCs on the information system network was not realistic when time and cost were considered, and in the end, this approach was not actually used.

“In this regard, SafeSync allowed us to configure account and access privileges easily through coordination with the existing AD. Specifically, we set up a new AD server inside a safe environment and replicated the AD that had been used by the medical systems network. We felt that when we linked the AD server with SafeSync, our administrative department would be able to perform batch user management,” says Shimakawa. This made it possible to easily configure access privileges simply by updating the information in AD when new staff arrived and others transferred or retired. Furthermore, SafeSync provides encryption functions which only allow designated members of staff to decrypt files, in addition to functions for obtaining access logs. The Hospital feels that security is also guaranteed, which has led to a favorable evaluation.

"Because actual file management is simple with SafeSync, it seemed that our users would accept it immediately. In addition, our degree of trust in Trend Micro and its considerable track record within the medical industry all supported the decision."

“Because actual file management is simple with SafeSync, it seemed that our users would accept it immediately. In addition, our degree of trust in Trend Micro and its considerable track record within the medical industry all supported the decision,” says Hosoi.

Results

The Hospital immediately ran SafeSync on two redundant physical servers. It built an 8TB virtual storage environment and prepared “capacity” to aggregate and collectively manage files on the information system network.

Currently, SafeSync accounts have been assigned to an initial segment of users and usage has begun. “In addition to the simplicity of configuring access privileges, we also are very impressed with the ease with which files and members of the public sphere can be added and deleted with drag-and-drop operations. Furthermore, we can now operate by sharing files on SafeSync, and we should be able to use the system to create materials collaboratively in the future. In addition, files attached to emails are automatically saved to storage, which is a big security advantage because we now only need to send information regarding links,” Shimakawa continues. “For the next step, we plan to use the new setup to exchange data between the medical system and the information system, which we are currently using USB memory devices for. Finally, we are planning to move towards a sharing environment which also includes access from outside the hospital.”

As the usage of SafeSync expands, the Hospital plans to investigate a change in the way that USB memory devices are utilized. “Eventually, it will be best to eliminate the risk of loss and theft by restricting the usage of USB memory devices,” says Shimakawa.

"In addition to the simplicity of configuring access privileges, we also are very impressed with the ease with which files and members of the public sphere can be added and deleted with drag-and-drop operations."

The hospital is currently engaged in work to reinforce some of its building against earthquakes, and is also constructing a new building to provide better convenience for its users. Alongside this construction, a renovation of system infrastructure is also moving forward. “We are investigating the introduction of tablet devices as a way to improve the quality of our medical services. SafeSync is compatible with multiple types of devices so we would like to look at using it on tablet devices eventually. We are awaiting the suggestions of Trend Micro,” concludes Hosoi.